Your Money — or Your Computer Files

They don’t sail high seas or fly pirate flags, but today’s cybercriminals are just as disruptive — especially when it’s your computer that’s being held ransom

Wednesday, September 07, 2016

Photo: Shutterstock

W

hen employees of a well-known Israeli public relations firm turned on their computers one recent morning, they were shocked to discover that they couldn’t access any of their files. All of the valuable documents stored in their computers — some of which contained information about the largest companies in the Israeli economy — were frozen. The hysteria in the office, already high, mounted even further when someone noted a chilling message at the bottom of the company’s main welcome screen: All files will be locked out until a ransom is paid in bitcoins (an international virtual currency). The ransomers were demandingNIS50,000 or about $13,250.

With no easy solution in sight, the public relations firm capitulated and transferred the full sum. In return, all the files were released and work returned to “normal.”

This particular firm isn’t the only one that’s been targeted. FromIsraeltoAmericatoAustralia, thieves are using ransomware to extort millions of dollars from companies and individuals. And the worst news of all: There’s no obvious solution in sight.

Held Ransom

It may sound like the opening of a suspense novel, but this story actually happened to an Israeli woman named Tova: “It all began when I opened a regular file attached to an e-mail that arrived in my inbox,” she relates. “I opened it without thinking too much, and the virus appeared on my screen. It caused all the files in my computer to be encoded — e-mails, documents, Excel, PDF and other files — and a window popped up demanding that I pay a ransom of $500 to release them.

“At first I contacted all the technicians I knew. I even traveled as far as Carmiel, where I’d heard there is an expert in the field. But I learned that no one in the entire country has been able to break the complex code of the ransomware virus. If I wanted back my files, I’d have to pay the ransom the swindlers were demanding.”

Even though Tova was willing to pay, it took her 15 frustrating hours to jump through all the hoops: She had to open a virtual wallet, transfer money, receive a code, wait for approvals, and more. Only after this lengthy process did she receive a program that released all the coding on her files.

And what if Tova had decided not to pay? “The hackers warned that if I didn’t pay the ransom within a week, the amount would go up by an additionalNIS1,000. And if I didn’t pay altogether, they told me I’d never be able to access my files again.”

Easy Money

While ransomware has recently made headlines around the globe, it’s actually been around since the early 1990s. While the first victims were mostly individuals, today large companies and institutions are just as likely to be targeted. And while some ransom demands might be relatively small — anywhere from $10 to $1,000 — overall the recent spike in attacks is costing private individuals and businesses hundreds of millions of dollars.

Indeed, according to a recent article in the Wall Street Journal, ransomware attacks cost victims $209 million in the first three months of 2016, including costs such as lost productivity and staff time to recover files. On average, a ransomware attack costs about $333,000, according to the FBI. That compares to a total of $24 million for all of 2015, or about $10,000 per infection.